WebApp Sec mailing list archives
Re: SQL injection (no single quotes used)
From: PD9 Software <info () pd9soft com>
Date: Wed, 15 Dec 2004 18:20:03 -0500
Mutallip Ablimit wrote:
Same here. Is it a bug with query analyzer, or does ADO/OleDB/ODBC do something special to escape newline characters?Hi JC Quite interesting. But I couldn't get it work. It works fine on query analyser, but it didn't work when I try it on the application side (on the browser). (I used %0d%0a for the newline character)
If this was a prevalent problem, every ASP website that collected input from <textarea>s would be crashing.
Matt
Current thread:
- Re: Fwd: PHP Easter Eggs, (continued)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)
- Re: PHP Easter Eggs Paul Fierro (Dec 01)
- Re: PHP Easter Eggs Jimi Thompson (Dec 02)
- Re: PHP Easter Eggs Griffiths, Ian (Dec 03)
- SQL injection (no single quotes used) Juan Carlos Calderon (Dec 14)
- Re: SQL injection (no single quotes used) Olivier G. Gaumond (Dec 15)
- Re: SQL injection (no single quotes used) Juan Carlos (Dec 15)
- RE: SQL injection (no single quotes used) Brett Moore (Dec 16)
- Re: Fwd: PHP Easter Eggs exon (Nov 30)
- RE: SQL injection (no single quotes used) Mutallip Ablimit (Dec 15)
- Re: SQL injection (no single quotes used) PD9 Software (Dec 16)
- Re: Fwd: PHP Easter Eggs Saqib . N . Ali (Nov 30)
- Re: SQL injection (no single quotes used) Adam Tuliper (Dec 15)
- Re: PHP Easter Eggs Devin Egan (Nov 29)
- Re: PHP Easter Eggs Rick Crelia (Dec 08)
- Re: PHP Easter Eggs James Barkley (Dec 14)